tim johnston created JENKINS-13817:
--------------------------------------
Summary: Jenkins Displays Accurev Password in Logs
Key: JENKINS-13817
URL: https://issues.jenkins-ci.org/browse/JENKINS-13817
Project: Jenkins
Issue Type: Bug
Components: accurev
Affects Versions: current
Environment: windows
Reporter: tim johnston
Assignee: Scott Tatum
When an accurev command fails, it displays the users' password in plain text.
You can see below that the password is properly obscured (with asterisks) when
the authentication takes place.
Unfortunately, the password is actually displayed in the fatal network error
line. Note that I manually changed it to ^^^^ when I pasted the text into this
bug report.
Error text:
Started by user anonymous
Building remotely on TestReport in workspace
D:\jenkins-slave\workspace\Test_Report_06_04_00_Budgeting_kvh223_WFOP_Macys_ora
Purging workspace...
Workspace purged.
Setting ACCUREV_HOME to "D:\jenkins-slave\workspace"
Authenticating with Accurev server...
[Test_Report_06_04_00_Budgeting_kvh223_WFOP_Macys_ora] $ "C:\Program Files
(x86)\AccuRev\bin\accurev.exe" login -H engaccurev:5051 tim.johnston ********
FATAL: network error - Can't connect to engaccurev.kronos.com for accurev: The
operation completed successfully.
Attempt to contact AccuRev server on engaccurev port 5051 failed.
Giving up.
AccuRev Error: 1
FATAL: login ("C:\Program Files (x86)\AccuRev\bin\accurev.exe" login -H
engaccurev:5051 tim.johnston ^^^^^^^) failed with exit code 1
Archiving artifacts
Recording test results
Notifying upstream projects of job completion
Finished: FAILURE
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.jenkins-ci.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
